Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activesupport@2.4
Type gem
Namespace
Name activesupport
Version 2.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.2.3.1
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1ad4-q567-8qcq
vulnerability_id VCID-1ad4-q567-8qcq
summary
XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. You should upgrade or use one of the workarounds immediately.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72531
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
5
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
8
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
9
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
10
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
11
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
12
reference_url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
reference_id
reference_type
scores
url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
13
reference_url http://www.openwall.com/lists/oss-security/2013/03/18/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/03/18/4
14
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activesupport@3.1.12
purl pkg:gem/activesupport@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-bq89-45d8-67a3
3
vulnerability VCID-chxq-j9us-cygh
4
vulnerability VCID-gyn1-xnr1-r3db
5
vulnerability VCID-hdu6-u2pb-aqhp
6
vulnerability VCID-jkk1-jx5j-q3ch
7
vulnerability VCID-kcmy-x97t-pbc3
8
vulnerability VCID-metq-6w6t-wkdw
9
vulnerability VCID-upyj-312m-cyhg
10
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.12
1
url pkg:gem/activesupport@3.2.13
purl pkg:gem/activesupport@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-bq89-45d8-67a3
3
vulnerability VCID-chxq-j9us-cygh
4
vulnerability VCID-gyn1-xnr1-r3db
5
vulnerability VCID-hdu6-u2pb-aqhp
6
vulnerability VCID-jkk1-jx5j-q3ch
7
vulnerability VCID-kcmy-x97t-pbc3
8
vulnerability VCID-metq-6w6t-wkdw
9
vulnerability VCID-upyj-312m-cyhg
10
vulnerability VCID-y8nc-5c1w-c3ed
11
vulnerability VCID-zfev-vjpc-dffy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.13
aliases CVE-2013-1856, GHSA-9c2j-593q-3g82, OSV-91451
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ad4-q567-8qcq
1
url VCID-abr5-xar6-ekcy
vulnerability_id VCID-abr5-xar6-ekcy
summary
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0201.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0201.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0202.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0202.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0203.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0203.html
5
reference_url https://access.redhat.com/errata/RHSA-2013:0201
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0201
6
reference_url https://access.redhat.com/errata/RHSA-2013:0202
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0202
7
reference_url https://access.redhat.com/errata/RHSA-2013:0203
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0203
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json
9
reference_url https://access.redhat.com/security/cve/CVE-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0333
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0333
reference_id
reference_type
scores
0
value 0.91761
scoring_system epss
scoring_elements 0.997
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0333
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=903440
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=903440
12
reference_url https://github.com/advisories/GHSA-xgr2-v94m-rc9g
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xgr2-v94m-rc9g
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml
14
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
15
reference_url https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0333
17
reference_url https://puppet.com/security/cve/cve-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-0333
18
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
19
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
20
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
21
reference_url http://www.debian.org/security/2013/dsa-2613
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2613
22
reference_url http://www.kb.cert.org/vuls/id/628463
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/628463
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
reference_id 699226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
24
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
reference_id CVE-2013-0333;OSVDB-89594
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
25
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activesupport@3.0.20
purl pkg:gem/activesupport@3.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-bq89-45d8-67a3
3
vulnerability VCID-chxq-j9us-cygh
4
vulnerability VCID-gyn1-xnr1-r3db
5
vulnerability VCID-hdu6-u2pb-aqhp
6
vulnerability VCID-jkk1-jx5j-q3ch
7
vulnerability VCID-kcmy-x97t-pbc3
8
vulnerability VCID-metq-6w6t-wkdw
9
vulnerability VCID-upyj-312m-cyhg
10
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.20
1
url pkg:gem/activesupport@3.1.0.beta1
purl pkg:gem/activesupport@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-a7v6-afbj-qkhy
3
vulnerability VCID-abr5-xar6-ekcy
4
vulnerability VCID-bq89-45d8-67a3
5
vulnerability VCID-chxq-j9us-cygh
6
vulnerability VCID-gyn1-xnr1-r3db
7
vulnerability VCID-hdu6-u2pb-aqhp
8
vulnerability VCID-jkk1-jx5j-q3ch
9
vulnerability VCID-kcmy-x97t-pbc3
10
vulnerability VCID-metq-6w6t-wkdw
11
vulnerability VCID-p62q-tuq8-7ubx
12
vulnerability VCID-upyj-312m-cyhg
13
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0.beta1
aliases CVE-2013-0333, GHSA-xgr2-v94m-rc9g, OSV-89594
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abr5-xar6-ekcy
2
url VCID-chxq-j9us-cygh
vulnerability_id VCID-chxq-j9us-cygh
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
3
reference_url http://openwall.com/lists/oss-security/2011/06/09/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/09/2
4
reference_url http://openwall.com/lists/oss-security/2011/06/13/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/13/9
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63594
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
6
reference_url http://secunia.com/advisories/44789
reference_id
reference_type
scores
url http://secunia.com/advisories/44789
7
reference_url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
10
reference_url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
11
reference_url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
reference_id CVE-2011-2197
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
reference_id CVE-2011-2197.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
14
reference_url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
reference_id GHSA-v9v4-7jp6-8c73
reference_type
scores
url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
fixed_packages
0
url pkg:gem/activesupport@3.0.7
purl pkg:gem/activesupport@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-a7v6-afbj-qkhy
3
vulnerability VCID-abr5-xar6-ekcy
4
vulnerability VCID-bq89-45d8-67a3
5
vulnerability VCID-chxq-j9us-cygh
6
vulnerability VCID-gyn1-xnr1-r3db
7
vulnerability VCID-hdu6-u2pb-aqhp
8
vulnerability VCID-jkk1-jx5j-q3ch
9
vulnerability VCID-kcmy-x97t-pbc3
10
vulnerability VCID-metq-6w6t-wkdw
11
vulnerability VCID-p62q-tuq8-7ubx
12
vulnerability VCID-upyj-312m-cyhg
13
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.7
1
url pkg:gem/activesupport@3.0.8
purl pkg:gem/activesupport@3.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-a7v6-afbj-qkhy
3
vulnerability VCID-abr5-xar6-ekcy
4
vulnerability VCID-bq89-45d8-67a3
5
vulnerability VCID-chxq-j9us-cygh
6
vulnerability VCID-gyn1-xnr1-r3db
7
vulnerability VCID-hdu6-u2pb-aqhp
8
vulnerability VCID-jkk1-jx5j-q3ch
9
vulnerability VCID-kcmy-x97t-pbc3
10
vulnerability VCID-metq-6w6t-wkdw
11
vulnerability VCID-p62q-tuq8-7ubx
12
vulnerability VCID-upyj-312m-cyhg
13
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.8
aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chxq-j9us-cygh
3
url VCID-metq-6w6t-wkdw
vulnerability_id VCID-metq-6w6t-wkdw
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74618
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731435
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731435
6
reference_url http://secunia.com/advisories/45917
reference_id
reference_type
scores
url http://secunia.com/advisories/45917
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
10
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
reference_id CVE-2011-2932
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
18
reference_url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
reference_id GHSA-9fh3-vh3h-q4g3
reference_type
scores
url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
19
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activesupport@3.0.10
purl pkg:gem/activesupport@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-a7v6-afbj-qkhy
3
vulnerability VCID-abr5-xar6-ekcy
4
vulnerability VCID-bq89-45d8-67a3
5
vulnerability VCID-chxq-j9us-cygh
6
vulnerability VCID-gyn1-xnr1-r3db
7
vulnerability VCID-hdu6-u2pb-aqhp
8
vulnerability VCID-jkk1-jx5j-q3ch
9
vulnerability VCID-kcmy-x97t-pbc3
10
vulnerability VCID-metq-6w6t-wkdw
11
vulnerability VCID-p62q-tuq8-7ubx
12
vulnerability VCID-upyj-312m-cyhg
13
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.10
1
url pkg:gem/activesupport@3.1.0
purl pkg:gem/activesupport@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ad4-q567-8qcq
1
vulnerability VCID-7s2b-9sgy-4qb4
2
vulnerability VCID-a7v6-afbj-qkhy
3
vulnerability VCID-abr5-xar6-ekcy
4
vulnerability VCID-bq89-45d8-67a3
5
vulnerability VCID-chxq-j9us-cygh
6
vulnerability VCID-gyn1-xnr1-r3db
7
vulnerability VCID-hdu6-u2pb-aqhp
8
vulnerability VCID-jkk1-jx5j-q3ch
9
vulnerability VCID-kcmy-x97t-pbc3
10
vulnerability VCID-metq-6w6t-wkdw
11
vulnerability VCID-p62q-tuq8-7ubx
12
vulnerability VCID-upyj-312m-cyhg
13
vulnerability VCID-y8nc-5c1w-c3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0
aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-metq-6w6t-wkdw
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@2.4